HHS says providers should use tool for risk assessment

The HHS Office of National Coordinator for Health Information Technology and Office for Civil Rights are making a new security risk assessment tool available to help small- to mid-sized providers conduct their own risk assessments.

The ONC application, available for downloading at www.HealthIT.gov/security-risk-assessment also produces a report that can be provided to auditors. The tool is available for both Windows operating systems and iOS iPads.

“Protecting patients' protected health information is important to all healthcare providers and the new tool we are releasing will help them assess the security of their organizations,” said Karen DeSalvo, M.D., national coordinator for health information technology. “The SRA tool and its additional resources have been designed to help healthcare providers conduct a risk assessment to support better security for patient health data.”

Conducting a security risk assessment is a key HIPAA mandate and a core requirement for providers seeking payment through the Medicare and Medicaid Electronic Health Records Incentive Program, commonly known as Meaningful Use. Failure to conduct risk assessments on time has been the top problem identified in Meaningful Use attestation audits.

Many long-term care facilities might not technically be considered a small- to mid-sized provider, but they still could benefit from the new tool, ONC spokesman Peter Ashkenaz told McKnight's. They can use it to get a “sense of what risk assessment may entail,” he said.

He also recommended that long-term care providers explore the security tool at scap.nist.gov.